For DB2 9.5 and up Quest/OneIdentity now recommends using the DB2 built-in functionality to connect to Active Directory instead of Quest DB2 plugin. The DB2 built-in functionality supports Transparent LDAP authentication which makes the db2_sys-auth security plugin for DB2 UDB obsolete.

The db2_sys-auth project is not being actively developed and is no longer supported.

As of April 30th, 2018, this project will be removed from Resource Central.

Transparent LDAP authentication allows users to authenticate through the OS (LAM on AIX, otherwise PAM, like the Quest DB2 Security Plugin), which can then use QAS. This does not require setting up LDAP, QAS fulfills that role.

db2_sys-auth is a security plugin for DB2 UDB
that authenticates users using PAM or AIX's LAM.
With Quest Authentication Services, this plugin allows Unix-enabled Active Directory users to
use your databases.

The plugin uses getgrent calls to determine group membership
(getgrset on AIX), getpwnam to validate user names, and
LAM/PAM to authenticate.
This means DB2 can now make use of any authentication system that
provides an NSS interface for information (administrative domains on AIX),
and LAM/PAM for authentication.
This includes Quest Authentication Services, LDAP, NIS and other third-party external systems.